Skip to content

Getting Started with the PKCS#11 Tracer

On this page we will show you how to use the Cryptosense PKCS#11 Tracer to obtain a cryptography trace from a PKCS#11 application.


Before you use the PKCS#11 Tracer, make sure you have followed the installation instructions.

You will also need a PKCS#11 application that you know how to start from a command line terminal.

Tracing the application

To trace an application:

  • Configure the application to use the tracer DLL ( instead of its original DLL.
  • Configure the tracer to redirect PKCS#11 calls to the original DLL with the CS_DLL_TARGET environment variable.
export CS_DLL_TARGET=/path/to/real/dll
  • Choose a directory where the application has write access and configure it to receive the traces generated.
export CS_OUTPUT_DIR=/path/to/trace/output/directory

And run the application from the command line:


Once the application finishes executing, a trace and log files will be produced in the output directory:

├── trace_2022-06-08-15-32-30-693-17920.cst.gz
└── log_2022-06-08-15-32-30-693-17920.log

The resulting trace can now be uploaded to the Cryptosense Analyzer Platform.

See the manual to learn how to use the rest of parameters offered by the tracer.